upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-12 18:20:49 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

* Do not dereference a NULL pointer when calling an SCTP send syscall

Browse source 
not providing a destination address and using ktrace.
* Do not copy out kernel memory when providing sinfo for sctp_recvmsg().
Both bug where reported by Valentin Nechayev.
The first bug results in a kernel panic.
MFC after: 3 days.
This commit is contained in:
Michael Tuexen 2010-06-26 19:26:20 +00:00
parent e2a2599f07
commit e1c97831ec
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
sys/kern/uipc_syscalls.c
View file

@ -2409,7 +2409,7 @@ sctp_generic_sendmsg (td, uap)
if (error)
goto sctp_bad;
#ifdef KTRACE
if (KTRPOINT(td, KTR_STRUCT))
if (to && (KTRPOINT(td, KTR_STRUCT)))
ktrsockaddr(to);
#endif
@ -2523,7 +2523,7 @@ sctp_generic_sendmsg_iov(td, uap)
if (error)
goto sctp_bad1;
#ifdef KTRACE
if (KTRPOINT(td, KTR_STRUCT))
if (to && (KTRPOINT(td, KTR_STRUCT)))
ktrsockaddr(to);
#endif
@ -2677,6 +2677,7 @@ sctp_generic_recvmsg(td, uap)
if (KTRPOINT(td, KTR_GENIO))
ktruio = cloneuio(&auio);
#endif /* KTRACE */
memset(&sinfo, 0, sizeof(struct sctp_sndrcvinfo));
CURVNET_SET(so->so_vnet);
error = sctp_sorecvmsg(so, &auio, (struct mbuf **)NULL,
fromsa, fromlen, &msg_flags,